afl.rs

AFL++'s LLVM plugins are not built by default

Open smoelius opened this issue 1 year ago • 13 comments

@vanhauser-thc wrote in #449:

AFL++'s LLVM plugins are not built by default. And even if the user wants to build them the check is faulty:

$ cargo-afl afl config --plugins
AFL LLVM runtime was already built for Rust rustc-1.75.0-nightly-42b1224; run `cargo afl config --build --force` to rebuild it.
$ ls /home/marc/.local/share/afl.rs/rustc-1.75.0-nightly-42b1224/afl.rs-0.15.1/afl-llvm
libafl-llvm-rt.a  libafl-llvm-rt.o

The message says "runtime" which would be correct, because the runtime is there, but what we want are the --plugins which are not.

smoelius, Jan 15 '24 13:01

I'm fairly new to both Rust and AFL++ and a little lost about the workaround here. For context, I arrived here while investigating why my fuzzing campaign seemed to stall pretty early on.

I can see that we're taking this branch on my code: https://github.com/rust-fuzz/afl.rs/blob/08d63a6c99bb0701a5ad99974bc0e2c786808cd2/cargo-afl/src/main.rs#L272-L280 And I don't seem to have e.g. cmplog-instructions-pass.so anywhere in my home directory.

What do I need to do or change to get CMPLOG support? I am on:

rustc 1.73.0 (cc66ad468 2023-10-03)
binary: rustc
commit-hash: cc66ad468955717ab92600c770da8c1601a4ff33
commit-date: 2023-10-03
host: x86_64-unknown-linux-gnu
release: 1.73.0
LLVM version: 17.0.2

Thanks for all your work on this project!

jberryman, Feb 08 '24 19:02

Oh and I ran cargo afl config --build --force but that seemed not to do anything

jberryman, Feb 08 '24 19:02

It is 'cargo afl config --plugins --force'

Also #451

vanhauser-thc, Feb 08 '24 21:02

ah thanks!

so ...

$ rustup show
Default host: x86_64-unknown-linux-gnu
rustup home:  /home/me/.rustup

installed toolchains
--------------------

stable-x86_64-unknown-linux-gnu
nightly-x86_64-unknown-linux-gnu (default)

active toolchain
----------------

nightly-x86_64-unknown-linux-gnu (default)
rustc 1.78.0-nightly (8ace7ea1f 2024-02-07)

$ rustc --version --verbose
rustc 1.78.0-nightly (8ace7ea1f 2024-02-07)
binary: rustc
commit-hash: 8ace7ea1f7cbba7b4f031e66c54ca237a0d65de6
commit-date: 2024-02-07
host: x86_64-unknown-linux-gnu
release: 1.78.0-nightly
LLVM version: 17.0.6

then

$ cargo install cargo-afl --force
   ...
$ ls /home/me/.local/share/afl.rs/rustc-1.78.0-nightly-8ace7ea/afl.rs-0.15.3/afl-llvm
libafl-llvm-rt.a  libafl-llvm-rt.o
$ cargo afl config --plugins --force
thread 'main' panicked at /home/me/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-afl-0.15.3/src/config.rs:180:29:
could not run llvm-config-17 --version

The logic here seems to assume Rust's LLVM is in my path? That's not the case for me (I happen to have llvm-14 installed currently).

jberryman, Feb 08 '24 22:02

I guess that's just on me to install and keep up to date; I don't see llvm-config in the stuff rustc ships

jberryman, Feb 08 '24 22:02

You need to install the llvm-tools component with rustup and install LLVM 17 (e.g., apt.llvm.org)

vanhauser-thc, Feb 09 '24 05:02

Installing llvm-17 on my system was sufficient, then after running cargo afl config --plugins --force it compiled with cmplog plugins etc. Thanks for the help!

jberryman, Feb 12 '24 16:02

Renaming this issue to just "AFL++'s LLVM plugins are not built by default".

The check should be fixed by #498.

Re building the plugins by default, I would prefer to wait until Rust's plugin support is stabilized (e.g., https://github.com/rust-lang/rust/issues/127577).

smoelius, Jul 12 '24 09:07
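
A preflight check for the situation discussed in this thread, as an added example that is not part of the original comments or of afl.rs itself: it tells the runtime apart from the plugins and checks that the `llvm-config-N` matching rustc's LLVM version can be run. It assumes the plugins appear as `.so` files in the `afl-llvm` directory listed above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not afl.rs code). Assumption: built plugins show up as *.so
# files in the afl-llvm directory, next to libafl-llvm-rt.a / libafl-llvm-rt.o.

# Read `rustc --version --verbose` output on stdin, print the LLVM major version.
llvm_major() {
    sed -n 's/^LLVM version: \([0-9][0-9]*\)\..*/\1/p'
}

# Succeed only if DIR ($1) holds at least one plugin shared object.
# The runtime files alone do not count as plugins.
plugins_built() {
    for f in "$1"/*.so; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Succeed if llvm-config-<major> ($1) runs and reports that major version.
# This is the binary named in the panic message quoted in the thread.
llvm_config_ok() {
    v=$("llvm-config-$1" --version 2>/dev/null) || return 1
    [ "${v%%.*}" = "$1" ]
}

# preflight AFL_LLVM_DIR: report what is missing before relying on CMPLOG.
preflight() {
    major=$(rustc --version --verbose | llvm_major)
    [ -n "$major" ] || { echo "cannot determine rustc's LLVM version"; return 2; }
    if plugins_built "$1"; then
        echo "plugins present in $1"
        return 0
    fi
    echo "only the runtime is in $1; the plugins are not built"
    if llvm_config_ok "$major"; then
        echo "llvm-config-$major works; run: cargo afl config --plugins --force"
    else
        echo "install LLVM $major so that llvm-config-$major is on PATH"
    fi
    return 1
}

# Usage: preflight /path/to/afl.rs/<rustc-version>/<afl.rs-version>/afl-llvm
```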